You can also create an alias for an existing index by doing a post to your Elasticsearch cluster. Hit the aliases endpoint, and then, in the body, under our actions, we'll specify that we want to add, to the index Simpsons, the alias S.
When I post that, Elasticsearch acknowledges it, and then in future queries, I can use S as the endpoint name and it returns data from the Simpsons index. Also, after doing that, if I do a cat and show all the indices, you can see there is not an index named S listed, because it's just an alias for the Simpsons index.
We can do some other cool stuff with aliases, as well. I'll specify my index again of the Simpsons. I could also specify that as S-I-M*, I could do a comma-separated list of Simpsons and Egghead, or I could do a combination of comma-separated and wildcards. This alias would match any index starting with the letter S or starting with the letter E.
I'm going to keep it to just the Simpsons index for the moment. I'm going to create an alias name of Homer, and then I'm going to include some filter criteria. We're going to filter where the raw character text contains the term "Homer." When I send that, Elasticsearch acknowledges it. Now, we can do a query looking for the index alias Homer_search, and get any matches. We get our results returned here, which is a subset of our Simpsons index.
The best way to think about aliases is as creating a view and a relational database world. It really shouldn't be considered a security feature for protecting sensitive data because the data is still available for anyone for anyone who knows how to query Elasticsearch. It should be used as a tool to help filter the results set for users to help them better find what they're looking for.